2024
Developer Survey
About the survey
Bitwarden partnered with Propeller Insights to poll 600 developers across a wide range of industries who play a key role in software development.
The findings show developers value implementing ‘secure by design’ measures but are being hamstrung by technical challenges, staffing constraints, and limited security training.
As developers continue to manage a large number of secrets, they must also guard against data breaches that pose a material threat to their organizations and harness a generative AI explosion that offers both promise and peril.
Developer Training & Secrets Management
Secrets management solutions are common
A majority of respondents (86%) use a secrets management solution
4
2024 Developer Survey
19%
Increase workplace productivity
86%
Yes
14%
No
Risky secrets management practices persist
65% of respondents hard-coded secrets in source code and more than half (55%) keep secrets in clear text via spreadsheet or messaging apps
5
2024 Developer Survey
Secrets management tool
Hard-coded in source code
Shared in clear-text via spreadsheet or messaging apps
85%
65%
55%
Managing 100 or more secrets is the norm
Over half (60%) manage 100 or more secrets
6
2024 Developer Survey
10 - 100
100 - 300
300 - 500
500+
33%
33%
18%
9%
Half spend 10+ hours on secrets
51% of respondents spend 10 or more hours a week managing secrets
7
2024 Developer Survey
17%
20%
29%
26%
5 - 10 hours
10 - 15 hours
25+ hours
15 - 25 hours
1- 5 hours
8%
Complexity, compliance, cyber-crime
The top 3 most urgent factors influencing the deployment �of a secrets management solution are:
8
2024 Developer Survey
39%
Evolving compliance and regulatory requirements
44%
Complexity of secrets management across multiple applications
36%
Increasing frequency of high-profile breaches
Don’t sleep on
secrets management
Majority of respondents cite the implementation of a secrets management solution for their development team in the next 12 months as an immediate priority
9
2024 Developer Survey
31%
Priority over the next
6 months
59%
Immediate priority
4%
Not a priority
6%
Priority over
the next year
Top 5 buying decisions
48% said ease of integration is the most important factor driving the selection of a secrets management product
10
2024 Developer Survey
37%
37%
48%
44%
41%
Company security posture
Features
Scalability
Company reputation
Ease of integration
Gap between desire for security trainings and actual security trainings
68% of respondents rate continuous security training as ‘extremely important’ for developer teams
11
2024 Developer Survey
Extremely important
Very important
Moderately important
Slightly important
68%
28%
3%
1%
Gap between desire for security trainings and actual security trainings
Despite overwhelming support for the importance of training, close to half (43%) undergo
security training only once a year or less than once a year
12
2024 Developer Survey
More than once a year
Once a year
Only as needed
Never
57%
35%
8%
1%
Authentication & Access Management
Passkeys permeate work and life
68% of developers have used passkeys for accessing work applications; 60% for accessing personal applications
14
2024 Developer Survey
I use passkeys for accessing work applications
I use passkeys for accessing personal applications
I have not used a passkey but know what these are
I do not know what these are
68%
60%
21%
3%
Passkeys are a work in progress
83% are actively building passkey features for customers and 41% have plans to implement them in the future
15
2024 Developer Survey
41%
Have plans to implement them in the future
83%
Are actively building passkey features for customers
37%
Are unsure about plans to implement them in the future
Passwords are (yes, still) here to stay
While FIDO2 and passkeys have received attention as a potential password alternative, just 36% think they will replace passwords
16
2024 Developer Survey
They will become the dominant
method and replace passwords
They will coexist with passwords
and other authentication methods
They might be replaced by newer technologies
They are just a temporary trend
Unsure/No opinion
36%
33%
19%
7%
4%
Out with the old, in with the new? Not so fast
When considering wider adoption of passwordless authentication, a quarter believe compatibility with existing systems will be the top challenge
17
2024 Developer Survey
17%
15%
25%
23%
20%
Challenge of
updating legacy password-dependent applications
Potential new security vulnerabilities
Cost of implementation and transition
User education and adoption
Compatibility with existing systems
Passwords + 2FA = winning combination
Increasing 2FA adoption (41%) and increasing password security (33%) are the two top authentication priorities
18
2024 Developer Survey
Increase two-factor authentication adoption
Increase password security
Increasing user security
Improving user experience
It is not a priority
41%
33%
12%
12%
2%
Optimists abound: better UX and better
security are possible
As the industry moves towards passwordless solutions, 36% expect improvement in UX without compromising security; 26% expect better UX but potential security risks
19
2024 Developer Survey
Significant improvement in user experience without compromising security
Better user experience but potential
security risks
Potentially confusing for users, but necessary for advanced security
No change in user experience but enhanced security
Unsure/no opinion
36%
26%
25%
11%
2%
Data breaches are a real headache
Over three-fourths (76%) of developers have been impacted by a data breach, with
24% reporting the breach caused substantial damage
20
2024 Developer Survey
Yes – a breach occurred but had minimal or manageable impact on the company
Yes – a breach caused substantial damage and disruption to the company
No, none of the organizations I've worked at have been breached before
Yes, a breach was detected but resulted in no notable damage to the company
Unsure – I’ve never been aware of a breach at any organization I’ve worked at
30%
24%
22%
18%
7%
Employees see passkeys in their future
87% percent are actively building passkey features for employees and 89% plan to implement them in the future.
21
2024 Developer Survey
87%
Yes
13%
No
API providers
viewed as credible
Over two-thirds (77%) are open to using an API provider for authenticating passkeys
22
2024 Developer Survey
77%
Yes, I’m open to using an API provider for authentication solutions
4%
No, I’m not inclined to use any external service provider
19%
Yes, but I would prefer a pre-built solution that can be self-hosted
Insecure access methods persist
Although a majority use organization-provided devices to access work, one-fifth of respondents still use insecure options such as a public computer.
23
2024 Developer Survey
43%
42%
27%
21%
65%
49%
44%
Organization-provided desktop
Organization -provided smartphone
Personal smartphone
Personal computer
Public computer (e.g., internet cafe, university library)
Personal tablet
Organization-provided laptop
Security Principles & Customer Data
Securing customer data is critical
When considering implementation of new security measures, protecting customer data is the number one concern (24%), followed by integration with existing systems (17%)
25
2024 Developer Survey
24%
17%
15%
Integration with existing systems
Meet compliance standards
Usability for end-users
Scalability for future growth
Cost implications
Vendor reputation and reliability
Protect customer data
12%
12%
11%
9%
Developers want to shift left and get
security right
Almost all (94%) cite secure-by-design principles as very or extremely important in the development process
26
2024 Developer Survey
Extremely important
Very important
Moderately important
Slightly important
59%
34%
5%
1%
Short on time and understaffed
Although secure-by-design principles are important to developers, 26% claim implementation is too time consuming and 18% say they’re too understaffed and working tight deadlines
27
2024 Developer Survey
15%
18%
18%
The code undergoes frequent changes, making it seem less feasible
Our team is often understaffed and working under
tight deadlines
It hasn't been prioritized as a business objective
Developers support
it, but senior management
hasn't endorsed it
26%
Implementing it comprehensively is time-consuming
Our team lacks adequate threat modeling capabilities
12%
12%
AI & Future Security Challenges
Perception: generative AI will pose security challenges
Over three-fourths (78%) strongly or somewhat believe generative AI will make maintaining data security more challenging
29
2024 Developer Survey
Somewhat agree
32%
Neither agree nor disagree
12%
Somewhat disagree
7%
Strongly disagree
3%
Strongly agree
46%
AI considered the top future cyber threat
Over a third (38%) believe AI will pose the biggest cyber threat 5 years from now, followed by ransomware (19%) and poor cyber hygiene (16%)
30
2024 Developer Survey
38%
19%
16%
Ransomware
Poor cyber hygiene
Social engineering
Phishing
AI
14%
13%
Risky use of generative AI is pervasive
The top pieces of information respondents entered into a generative AI platform are as follows:
31
2024 Developer Survey
23% Bank/financial details
24% Sensitive health data
24% Legal documentation
30% Developer secrets
28% Customer information
25% Social security numbers
26% Intellectual property
24% Privileged credentials
AI investments are more than hype
Most (83%) have significantly or somewhat invested in AI technology
32
2024 Developer Survey
We have significantly
invested in AI technology
44%
We have somewhat
invested in AI technology
39%
We have not invested, but
have definite plans to invest
10%
We have not invested, but are actively considering investing
4%
We have not invested at all
3%
Conclusion
This developer survey underscores the industry-wide challenge of translating security awareness into action. Fortunately, developers have tools at their disposal (such as secrets management solutions) and are open to embracing new technologies (such as AI) to help manage and analyze data. Among the top findings:
Visit bitwarden.com/secrets/ to learn more.